tag:www.schneier.com,2016:/blog//2/tag:www.schneier.com,2005:/blog//2.632-2016-09-03T05:39:22ZComments for Project ShamrockA blog covering security and security technology.Movable Typetag:www.schneier.com,2005:/blog//2.632-comment:1552421Comment from Thomas Albright on 2013-07-01Thomas Albrighthttp://twitter.com/thomasalbright
Amazing to see you were writing about this back in 2005. Obviously, more relevant today than ever.]]>
2013-07-01T19:01:08Z2013-07-01T19:01:08Ztag:www.schneier.com,2005:/blog//2.632-comment:43341Comment from Skidoo on 2006-02-15Skidoohttp://trip23.textamerica.com
(I'm a little late to the party; sorry)

I really enjoy your work Mr. Schneier, but this article seems to me to be just another example of the same uninformed histrionics I hear coming from the talking heads on TV.

The Supreme Court has (essentially) already ruled on the question of whether the President was acting within his legal authority when he ordered the implementation of the Terrorist Surveillance Program. Specifically applicable is their ruling on battlefield detention, re the Guantanamo detainees.

The Supreme Court concluded that when Congress overwhelmingly approved the Authorization for the Use of Military Force in the days after September 11th they explicitly gave the President the authority to use "fundamental and accepted incidents of military force in our armed conflict with al-Qaeda." Surely intelligence gathering (particularly that of a tactical nature) can be fairly categorized as a "fundamental and accepted" component of military force.

Mr. Schneier, I'm dispapointed to see a security expert such as yourself wading into the murky waters of legality and partisan politics. I would have preferred a more in-depth analyses of the technologies utilized and the potential effectiveness of such a (supposedly) wide-ranging program. That's why I come here--for the type of stuff those clones on the television never dream of getting into.

]]>
2006-02-15T21:36:08Z2006-02-15T21:36:08Ztag:www.schneier.com,2005:/blog//2.632-comment:33509Comment from ohwell on 2006-01-06ohwell
well when it goes to phone calls, and decided needs to communicate, and the lines are taken away, and companies explain that the number can no longer be connected,and letters opened and questions asked over the amount of phone calls, and why, and decisions made
that its not needed.
sorry these are our decisions to make, not the presidents or his designate to decided on an open basis. or has foreign frioends been outlawed also.
seems that way, and decisions made for us, whether we have the right to?
sorry i havent supported this country its people and the life, to be harrassed,and told where we can go and what we are allowed to do, talking authoritarian governement bush is leading the way to it.
its against the constitution,morals,and rights of freedom, and above all our privacy.
so why doesnt the press print what bush and his wife talks about during sex at night, this is what some records contain they are holding. from men engaged to foriegn ladies. so hows your love life lets print it and save it for the
nsa and the dxepartment of state and justice.
why not its all within the bounds of big brother isn't it!]]>
2006-01-06T23:31:19Z2006-01-06T23:31:19Ztag:www.schneier.com,2005:/blog//2.632-comment:33263Comment from Pat Cahalan on 2006-01-05Pat Cahalan
@ directorblue

You keep avoiding one of my main points, namely that there was already an oversight mechanism in place (FISA) which was ignored. Implementing your own oversight methodology while disregarding the existing methodology doesn't make your activity "okay". I still have seen no compelling justification for bypassing the existing secret court oversight process, especially given that the AG can authorize this sort of activity *before* getting authorization, as long as he reports it to the court.

> The Senate Select Committee on Intelligence (SSCI) is populated
> with members of both parties.

I know that. The committee members are split 8-7 Republican-Democrat, with Ex-Officio Members splitting 2-1 on the same vein. This isn't a partisan political issue, so the composition of the comittee is only partially relevant.

Created pursuant to S.Res. 400, 94th Congress: to oversee and make continuing studies of the intelligence activities and programs of the United States Government, and to submit to the Senate appropriate proposals for legislation and report to the Senate concerning such intelligence activities and programs. In carrying out this purpose, the Select Committee on Intelligence shall make every effort to assure that the appropriate departments and agencies of the United States provide informed and timely intelligence necessary for the executive and legislative branches to make sound decisions affecting the security and vital interests of the Nation. It is further the purpose of this resolution to provide vigilant legislative oversight over the intelligence activities of the United States to assure that such activities are in conformity with the Constitution and laws of the United States.

The first sentence includes three main purposes: to oversee intelligence activities, to propose legislation to the Senate, and to report on intelligence activities to the Senate. Any way you slice it, the NSA affair represents a failure of two of these purposes -> no legislation was proposed to the Senate to change the existing legislation (FISA), and no report was made to the Senate regarding these activities. The SSCI has no authorization capability. They cannot approve intelligence activity themselves. They can only receive reports about intelligence activity, compare that activity to existing law, and report to the remainder of the Senate appropriately.

> Due to reasons of operational security, you cannot widely share
> these kinds of classified operations with "all of Congress".
> That's what the SSCI is for.

This is, by their own jurisdiction statement, *not* what the SSCI is for. This sort of intelligence operation, which operates outside of the bounds of existing legislation, would be precisely the sort of activity for which the SSCI should propose legislation.

("Due to reasons of operational security" is, by the way, a vastly overused and largely incorrectly applied justification for secrecy. In this particular case, it's totally absurd -> why would informing all of Congress endanger this program? And indeed, if informing all of Congress *would* endanger this program, why inform them in the first place? Simply use *the existing FISA court, set up for this purpose*. Then you can inform the SSCI, and they don't have an obligation to tell the rest of the Senate, because you're not asking them to change existing law!)

> Bottom line is that the relevant folks in the Congress, the AG's
> office, White House counsel, the Pentagon -- all of whom are bound
> by the same statutes -- cleared the international taps.

Unfortunately, no. The relevant folks would have been the FISA court members. If you want to change the FISA legislation, the relevant folks would have been the Senate and the House of Representatives. In either case, the people informed do not have the authority to authorize this activity.

> And, putting at its face value, do you think it odd that Congress
> would intend for the President to kill terrorists... but not to
> wiretap them?

Putting it at face value? If the President ordered an American citizen, who was within the borders of the United States and within the jurisdiction of law enforcement agencies, and who was suspected of terrorism, assassinated (as opposed to arrested and tried), I would expect that he would be tossed out of office.

So no, I don't think Congress intends for the President to "kill terrorists". And regardless of what Congress *intends* or *wants*, the question at hand is "what are they authorized to do?"

]]>
2006-01-05T16:20:16Z2006-01-05T16:20:16Ztag:www.schneier.com,2005:/blog//2.632-comment:33221Comment from David Thomas on 2006-01-04David Thomas
"And, putting at its face value, do you think it odd that Congress would intend for the President to kill terrorists... but not to wiretap them?"

Okay, as much as I try to keep things civil...

#$^*&!*@!#$!

]]>
2006-01-05T04:22:03Z2006-01-05T04:22:03Ztag:www.schneier.com,2005:/blog//2.632-comment:33218Comment from Davi Ottenheimer on 2006-01-04Davi Ottenheimerhttp://davi.poetry.org/
"Bottom line is that the relevant folks in the Congress, the AG's office, White House counsel, the Pentagon...cleared the international taps."

Wha? The issue was the more-general-than-international taps, right? Besides that, I guess you agree with the definition of "cleared" that the Administration is flocking:

"Got my memo? Good, now go away."

Every time someone suggests that there was real oversight, it weakens the President's case because it erodes his policy of "I'm in charge, damn it". Don't forget that the whole line of reasoning behind the need to restoke the Exec powers, fueled by Cheney's vision of governance, was that the Pres should get to do as he pleases without checks and balances because his role is to know what's best for the country. Yeah, even violating the Geneva convention was fair game according to the now-AG if the Pres said so. This was then coupled with the fact that his party was put in control of both houses and the supreme court.

Now, when the @#$% actually hits the fan, the Pres tries to find a way to say the opposing party was at fault? Yeah. When your hand is still in the cookie jar, don't try to blame the dog.

]]>
2006-01-05T03:59:07Z2006-01-05T03:59:07Ztag:www.schneier.com,2005:/blog//2.632-comment:33207Comment from directorblue on 2006-01-04directorbluehttp://directorblue.blogspot.com
The Senate Select Committee on Intelligence (SSCI) is populated with members of both parties. Due to reasons of operational security, you cannot widely share these kinds of classified operations with "all of Congress". That's what the SSCI is for.

Bottom line is that the relevant folks in the Congress, the AG's office, White House counsel, the Pentagon -- all of whom are bound by the same statutes -- cleared the international taps.

And, putting at its face value, do you think it odd that Congress would intend for the President to kill terrorists... but not to wiretap them?

> The list of folks who participated does include a variety
> of bi-partisan Congress-folks (including members of the
> SSCI such as Jay Rockefeller)

Jay Rockefeller is indeed a registered Democrat, but without delving into his voting record I don't know how "bi-partisan" he really is - I'm not West Virginian and have a hard enough time tracking my own senators and congresspeople. However, as Anonymous (11:38 pm 01/03/2006) said, a few select members of Congress is not "congressional approval".

In particular, without knowing
(a) who, exactly, was informed
(b) when they were informed
(c) how they were approached
(d) what they got out of the deal

we can't objectively measure if there are conflicts on interest going on in this exchange.

Again, you're dodging my point -> to have true oversight/audit, you have to have independence between the parties. With all of the communications between the Administration and the "people in the know" being muddled, you can't possibly convince me that this is a reasonable oversight process.

Especially considering that there already is a methodology for oversight (using the FISA court) that was simply bypassed.

If the surveillance was so legitimate, what was the rationale behind circumventing the existing oversight mechanism... and if this rationale is in fact reasonable, (as Bruce pointed out), why wasn't an attempt made to change the oversight mechanism within the bounds of the law?

]]>
2006-01-04T17:28:53Z2006-01-04T17:28:53Ztag:www.schneier.com,2005:/blog//2.632-comment:33129Comment from Anonymous on 2006-01-03Anonymous
"Recall that in 2003, Rockefeller claims he stuffed a CYA note in his safe, rather than register a formal complaint with the AG's office (who were already cleared on the taps). It does make you wonder about his motivations."

From what I heard, he sent the letter... but that aside, a few select members of the Congress is not "congressional approval" and I would hardly expect Jay Rockefeller to strongly advocate *less* power for the government... Who cares whether he's trying to cover his ass? That's an issue for his next election, and has no bearing on anything here.

The list of folks who participated does include a variety of bi-partisan Congress-folks (including members of the SSCI such as Jay Rockefeller).

Recall that in 2003, Rockefeller claims he stuffed a CYA note in his safe, rather than register a formal complaint with the AG's office (who were already cleared on the taps). It does make you wonder about his motivations.

]]>
2006-01-04T01:08:51Z2006-01-04T01:08:51Ztag:www.schneier.com,2005:/blog//2.632-comment:33107Comment from Anonymous on 2006-01-03Anonymous
"Anyway, remember that any powers not specifically given to the government is reserved for the people."

... or the states, of course, though that's not relevant to this case.

]]>
2006-01-04T00:32:13Z2006-01-04T00:32:13Ztag:www.schneier.com,2005:/blog//2.632-comment:33080Comment from Dennis on 2006-01-03Dennis
"Anyway, remember that any powers not specifically given to the government is reserved for the people."

Man, I love it when somebody remembers that for a change. Not many people do these days.

Your list of oversight mechanisms includes a great many administration appointees and nothing in the way of oversight by other governmental bodies. The DOJ is a department of the Executive branch, not the Legislative or Judicial. You can't have effective oversight if the people "signing off" all work under you in an org chart :)

Bush states that Congressional members were briefed, but (as yet, anyway), I haven't heard which congressmen were briefed, exactly. Moreover, "briefing" isn't the same as "signed off".

Also, "top officials" != "Who signed off on this, exactly?" Top officials isn't an exact term.

re: Powerline

Not to dispute any blog's credibility, but Powerline is definitely a partisan blog, set up and run by conservatives, by its own admission.

This means that any discussion of the issues on Powerline is going to lack a full analysis, in the same way that a liberal blog would lack a full analysis. High powered attorneys who share the same political leanings aren't going to debate a topic as thoroughly or as well as high powered attorneys who are polarized politically.

One of the nice things about Bruce's blog is that it's a security blog, which means that we get liberals and conservatives and libertarians and greens and even the occasional anarchist. Political leanings aside, security is security.

And regardless of your political leanings, you have to admit that a oversight body should not be subservient to the body it's auditing -> that's horrible security. Whether or not it is or was abused is irrelevent, it's just bad security.

"...Every 45 days or so it is carefully reviewed; it must have the approval of top legal officials from the Attorney General to the White House Counsel. The activities that are conducted under this authorization are thoroughly reviewed by the Department of Justice and by the National Security Agency legal officials, including the General Counsel and the Inspector General. There is intense oversight of it, as General Hayden, the Deputy Director of National Intelligence, talked about. And the decisions that are made under this authorization, which is very limited, again, are made by career intelligence officials at NSA..."

I checked out the PowerLine blog, and - unfortunately, they tripped off a couple of alarms on my end, most notably, citing Clinton-era NSA activity that supposedly included baby monitors.

First, the fact that Clinton did or did not do anything does not make it more or less legal.

Second, we're talking baby monitors. Hell, a NASCAR-fan with a halfway decent scanner can listen in on those. (Or, as was demonstrated by one news reporter some years back, you could just run down to Radio Shack, buy the same kit, and tap into the signal being broadcast.)

Powerline appears to be a good blog if one is interested in the conservative take ... but the above didn't yield good marks for reasoning.

]]>
2006-01-03T07:54:39Z2006-01-03T07:54:39Ztag:www.schneier.com,2005:/blog//2.632-comment:33027Comment from Tank on 2006-01-02Tank
"Can either of you recommend further information sources such as forums or chat rooms where one may ask questions and get knowledgable answers."

I read Volokh.com which is just legal analysis. There are a couple of other legal blogs like IsThatLegal.org and you should find the rest via the sidebar links on each site.

Searches via Technorati and google blogsearch for obscure terms should help you turn up blogs dedicated to specific topics.

]]>
2006-01-03T03:01:04Z2006-01-03T03:01:04Ztag:www.schneier.com,2005:/blog//2.632-comment:33023Comment from Bruce Schneier on 2006-01-02Bruce Schneierhttp://www.schneier.com/blog
"You would do much better to argue for amending the Constitution than calling illegal that which you don't seem familiar with."

This can't possibly be addressed to me, can it? My familiarity with this program, whatever it is called, is at least as good as anyone else without a clearance.

Anyway, remember that any powers not specifically given to the government is reserved for the people. I would much rather that Bush tried to amend the Constitution than decide that it means whatever he wants it to mean. It actually isn't just a goddamned piece of paper.

]]>
2006-01-03T01:57:56Z2006-01-03T01:57:56Ztag:www.schneier.com,2005:/blog//2.632-comment:33020Comment from David on 2006-01-02Davidhttp://cradle.brokenglass.com/
@Hype

Good point about threadjacking. I think there are more general security implications to be taken from this (unintended consequences, information flow in a complex system), so I hope the discussion is still informative and relevant.

@Directorblue

I recommend reading some of the original reporting. The uproar is over surveillance that appears to be occuring *within* the United States. Nobody seems to be questioning the legality of foreign surveillance of calls that have one terminal in the U.S. From the original NYT article:

"Under the agency's long-standing rules, the NSA can target for interception phone calls or e-mail messages on foreign soil, even if the recipients of those communications are in the United States. Usually, though, the government can only target phones and e-mail messages in this country by first obtaining a court order from the Foreign Intelligence Surveillance Court, which holds its closed sessions at the Justice Department.

Since 2002, the agency has been conducting some warrantless eavesdropping on people in the United States who are linked, even if indirectly, to suspected terrorists through the chain of phone numbers and e-mail addresses, according to several officials who know of the operation. Under the special program, the agency monitors their international communications, the officials said. The agency, for example, can single out phone calls from someone in New York to someone in Afghanistan."

There are many unanswered questions, but the article contains hints about how surveillance targets are selected. I heard one person describe it as "Six Degrees of Kevin Al-Bacon."

In my experience, partisan blogs are frequently unreliable sources of information. I like to read the original reporting, then turn to blogs for analysis. That way, I can easily see what facts are being ignored or glossed over.

I tend to check the RSS Feeds here, the New York Times, and the Washington Post, as well as local papers (which often syndicated Associated Press, NYT, and Washington Post articles anyway).

My congressman tends to be fairly good at staying in touch with constituents, whether by regular newsletter or written response. (I had criticized him for his absence on an important vote, and he pointed out where he was and why he'd missed it.)

The other thing is to hone one's critical thinking skills and recognize flawed or insufficient arguments on their face. An excellent resource is the 'Rules for Rationals,' in the appendix of 'Psychology of the Psychic' by Marks & Kammeman. (The book itself is a look at psychics such as Uri Geller, but the Rules emphasize some common-sense practices that will serve you well.)

]]>
2006-01-03T00:13:06Z2006-01-03T00:13:06Ztag:www.schneier.com,2005:/blog//2.632-comment:33015Comment from Anonymous on 2006-01-02Anonymous
You would do much better to argue for amending the Constitution than calling illegal that which you don't seem familiar with.]]>
2006-01-02T22:54:16Z2006-01-02T22:54:16Ztag:www.schneier.com,2005:/blog//2.632-comment:33012Comment from directorblue on 2006-01-02directorbluehttp://directorblue.blogspot.com
@David, one other interesting aspect to this story (noted on Powerline) was the following:

"[President Bush] said that the program consists of tracking phone calls made from al Qaeda members overseas into the U.S. If that is correct, then the media's frequent references to "domestic spying" are incorrect. When asked what Bush has to say to those who are concerned about their civil liberties, he responded along the lines of, "If al Qaeda is calling you, we want to know why. I think that's reasonable."

The President also referred repeatedly to the limited nature of the program and the fact that its legality has repeatedly been reviewed...

...If the program is as the President described it, and the interceptions are carried out overseas, then it is outside the scope of FISA. See the definition of "electronic surveillance" to which that statute applies, 50 U.S.C. Sec. 1801(f) ..."

[appropriate statute follows]

]]>
2006-01-02T21:02:02Z2006-01-02T21:02:02Ztag:www.schneier.com,2005:/blog//2.632-comment:33008Comment from Don't Believe the Hype on 2006-01-02Don't Believe the Hype
@Davi and Nick

Thank you for your responses.

Can either of you recommend further information sources such as forums or chat rooms where one may ask questions and get knowledgable answers.

I'd like to seek answers without hijacking Bruce's site.

]]>
2006-01-02T20:02:57Z2006-01-02T20:02:57Ztag:www.schneier.com,2005:/blog//2.632-comment:33001Comment from David E on 2006-01-02David Ehttp://cradle.brokenglass.com/
"Pincus tries to breathe some life into his story . . . pathetic, frozen-in-the-1960s outlook . . ." I found the historic parallels interesting. If you don't, you don't.

More significantly, Powerline misses the point of the article. From the partisan blogger's perspective, the message Pincus is delivering must appear to something like, "Bush is even more vile than we thought. He shared the results of the Intelligence with other parts of the government!"

But if you calmly read the Post article, you'll see that Pincus says "Information from intercepts -- which typically includes records of telephone or e-mail communications -- would be made available by request to agencies *that are allowed to have it*, including the FBI, DIA, CIA and Department of Homeland Security, one former official said." [emphasis mine] Clearly Pincus doesn't believe that sharing the results of the surveillance is, in and of itself, illegal.

What is the story here, then? One answer lies in the subhead: "Fruit of Eavesdropping." If the NSA's warrantless surveillance was illegal, then its results, depending on how they were used, may be what lawyers call Fruit of the Poison Tree, "evidence gathered with the aid of information obtained illegally" ( http://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree )

Today, and thirty years ago, the warrantless domestic surveillance, though misguided, was initially the result of good intentions. Bush thinks he needs to do this to protect the nation. But, as Pincus shows, once these types of programs are created, they tend to expand in scope, and in the number of innocent people they scoop up along the way.

]]>
2006-01-02T12:25:29Z2006-01-02T12:25:29Ztag:www.schneier.com,2005:/blog//2.632-comment:32939Comment from David E on 2006-01-02David Ehttp://cradle.brokenglass.com/
@Directorblue

I read the complete article on Lexis-Nexis. The case in question, for anyone who cares, is <ABDEEN M. JABARA, Plaintiff-Appellee, v. WILLIAM H. WEBSTER, ET AL., Defendants-Appellants, No. 80-1391, UNITED STATES COURT OF APPEALS FOR THE SIXTH CIRCUIT, 691 F.2d 272; 1982 U.S. App.>

Although the NYT article was published in 1982, the surveillance in question began in 1967 and ended no later than 1972, six years *before* the 1978 FISA act.

The only place I can find the opinion freely available on the web is in Google's cache:

I've scanned the decision. It appears that the court did not consider the question of the legality of the NSA wiretap. From the decision: "Jabara, however, does not even contend on this appeal that the interception by the NSA violated his fourth amendment rights; we may therefore take as a given that the information was legally in the hands of the NSA."

Later on: "As heretofore stated, Jabara does not contend on appeal that the NSA's interception of his foreign telegraphic communications violated his fourth amendment rights, and therefore we may take as a given the proposition that the NSA lawfully received and was in possession of the communications. From this proposition defendants argue, we think correctly, that Jabara's fourth amendment rights were not violated when the summaries were turned over to the FBI because this was not a 'search' or 'seizure' within the meaning of the amendment."

Finally: "Applying this analysis utilized by our court in Bailey, we agree that Jabara exhibited an actual (subjective) expectation of privacy when he sent the telegraphic massages overseas. But the question here is whether he had an expectation of privacy that society is prepared to recognize as reasonable after the messages had lawfully come into the possession of the NSA. For it was after the messages were intercepted and within the possession of the NSA and only when they were delivered to the FBI that Jabara contents that his fourth amendment rights were violated. We do not believe that an expectation that information lawfully in the possession of a government agency will not be disseminated, without a warrant, to another government agency is an expectation that society is prepared to recognize as reasonable. In this connection, we believe that it is irrelevant that Jabara did not know that the NSA had intercepted his messages. To hold otherwise would in many instances require, for fourth amendment purposes, a succession of warrants as information, lawfully acquired, is passed from one agency to another.

We conclude, therefore, that Jabara's fourth amendment rights were not violated when the FBI obtained summaries of his overseas telegraphic communications from NSA and that the district court erred in granting summary judgment to Jabara and that, on the contrary, it should have granted summary judgment to defendants as to this claim."

To summarize: the surveillance in question occurred before the 1978 FISA law, and the court did not decide on the legality of the NSA wiretaps.

By the way, an article in today's Washington Post contains some very interesting historical context. Read the last four paragraphs:

]]>
2006-01-02T07:48:22Z2006-01-02T07:48:22Ztag:www.schneier.com,2005:/blog//2.632-comment:32915Comment from directorblue on 2006-01-01directorbluehttp://directorblue.blogspot.com
@Nick - the attorneys over at Powerline ( http://www.powerlineblog.com ) have done the most extensive analysis of this disclosure and FISA. Read their take and make your own judgment.]]>
2006-01-02T03:18:48Z2006-01-02T03:18:48Ztag:www.schneier.com,2005:/blog//2.632-comment:32885Comment from Anonymous on 2006-01-01Anonymous
I'm guessing the whole reason they don't want to go to the FISA court might be that the system automatically identifies 'targets' on-the-fly. Maybe there is some limit as to the size fo the working set, but I'm guessing that it's dynamic.

This would also imply that eveything is monitored to some degree. Thus the hair-splitting that goes on in the 'justifications'.

The Times quotes strikes me as being incomplete, or at least taken out of context. Part of the furor over Mr. Bush's actions is the 'warrantless' element.

If this ruling is still valid, why isn't it being presented as the foundation for the President's actions, instead of this whole song and dance about Article II and the Authorization to Use Force? Even Alberto Gonzales hasn't mentioned this, and you'd think HE'D have legal precedent lined up and ready to roll.

The law exists to protect US as well as the criminals/terrorists. The law is sufficient, as suggested by your finding. But Bush & Company are busy telling us it's not so - it's like a kid who didn't do his homework and is spending more time on his excuse as to how the dog ate it.

]]>
2006-01-01T22:49:02Z2006-01-01T22:49:02Ztag:www.schneier.com,2005:/blog//2.632-comment:32826Comment from directorblue on 2006-01-01directorbluehttp://directorblue.blogspot.com
'Here's the New York Times on November 7, 1982:

"A federal appeals court has ruled that the National Security Agency may lawfully intercept messages between United States citizens and people overseas, even if there is no cause to believe the Americans are foreign agents." '

That snippet was published a few days ago in the Toledo Blade. Linkage here:

"Is it too much to ask that the Times check their own microfiche first?"

Do you have the name of the case? Courts keep better records, with much more accurate summaries.

]]>
2006-01-01T08:02:03Z2006-01-01T08:02:03Ztag:www.schneier.com,2005:/blog//2.632-comment:32689Comment from 2006_elections on 2005-12-312006_elections
A couple of notes about this issue (Bush, NSA, and communication traffic analysis.)
1) Politicians justify their actions using whatever rationale is available (9-11). I think that they even lie to themselves about why they did something. President Bush will never admit that he did something wrong.
2) The primary reason Bush & co did not get court approval for these actions is because they could not. Poindexter's (sorry about the spelling) TIA had gotten voted against by two separate congresses and there is no way a judge could have approved massive wiretaps when Congress had twice denied this very sort of thing.
3) President Bush will not get impeached unless Congress approves and this will not happen unless Democrats gain control or a large number of moderate Republicans vote for impeachment. Either way, the 2006 congressional elections will worth watching.
]]>
2005-12-31T18:45:39Z2005-12-31T18:45:39Ztag:www.schneier.com,2005:/blog//2.632-comment:32687Comment from directorblue on 2005-12-31directorbluehttp://directorblue.blogspot.com
November 7, 1982 - four years after Congress passed Foreign Intelligence Surveillance Act (FISA).
]]>
2005-12-31T17:58:22Z2005-12-31T17:58:22Ztag:www.schneier.com,2005:/blog//2.632-comment:32686Comment from Anonymous on 2005-12-31Anonymous
"A federal appeals court has ruled that the National Security Agency may lawfully intercept messages between United States citizens and people overseas, even if there is no cause to believe the Americans are foreign agents."

1962 is pre-FISA. I disagree with that ruling in the first place, as it does seem to constitute a search, and so would be unconstitutional without a warrent, but that is beside the point. The court said it was legal then. The laws have changed. "Yes, officer, I'm in posession of several pounds of pot... it was legal before newer laws were passed, so I can't have committed a crime!"

I'll say it again. It's amazing how much information is out there in the New York Times' microfiche (not to mention the general Internet) that's left unreported. One can then only surmise that the latest revelations are the result of partisan hackery, rather than any general public interest.

Here's the New York Times on November 7, 1982:

"A federal appeals court has ruled that the National Security Agency may lawfully intercept messages between United States citizens and people overseas, even if there is no cause to believe the Americans are foreign agents."

Is it too much to ask that the Times check their own microfiche first?

]]>
2005-12-31T13:49:16Z2005-12-31T13:49:16Ztag:www.schneier.com,2005:/blog//2.632-comment:32596Comment from Scott From Austin on 2005-12-30Scott From Austin
"For the most part, I agree with this."

Your statements is ambiguous. Can you specify which parts do you agree with and which parts to you disagree?

]]>
2005-12-31T00:31:37Z2005-12-31T00:31:37Ztag:www.schneier.com,2005:/blog//2.632-comment:32587Comment from Bruce Schneier on 2005-12-30Bruce Schneierhttp://www.schneier.com/blog
"The thing is, the USA has no experience of terrorism. You've never had to deal with it, so after one attack everyone starts panicking and throwing away their rights because they're terrified of some largely-imaginary bogeyman."

For the most part, I agree with this.

]]>
2005-12-30T23:04:19Z2005-12-30T23:04:19Ztag:www.schneier.com,2005:/blog//2.632-comment:32584Comment from Bruce Schneier on 2005-12-30Bruce Schneierhttp://www.schneier.com/blog
"I don't suppose you have a credible source proving the existance of 'Project shamrock.'"

Pretty much any history book of the topic and era. I don't think there's any dispute about the project, or its details. The government, the NSA, historians all agree. Bamford's books give a good history. The first book is more detailed, but the second has additional information because Bamford had the cooperation of the NSA when he wrote it. If you want to dealve into primary sources, there are declassified documents and the record of the Church Commission. Also, you can check out newspaper articles from the early 1970s when the program became public.

Honestly, there isn't any issue here.

]]>
2005-12-30T23:03:12Z2005-12-30T23:03:12Ztag:www.schneier.com,2005:/blog//2.632-comment:32583Comment from Bruce Schneier on 2005-12-30Bruce Schneierhttp://www.schneier.com/blog
"Credible source on Project Shamrock would be James Bamford's books, mentioned above. Given that he won a Pulitzer I'd say he's reasonably credible."

He is very credible on these issues. His second book was written with considerable access to NSA inside information.

]]>
2005-12-30T23:00:21Z2005-12-30T23:00:21Ztag:www.schneier.com,2005:/blog//2.632-comment:32574Comment from Davi Ottenheimer on 2005-12-30Davi Ottenheimerhttp://davi.poetry.org/
"Ok, so by what means do us non-security experts do to help protect ourselves?"

You have lots of options, but at a high level I see the following two paths suggested regularly:

1) Attempt total surveillance of your own identity and be extra cautious about who/where/when you communicate in order to achieve a degree of anonymity that helps you protect your privacy as necessary. For example, never purchase anything in your own real name. Ever. Some do this by declaring their own ID secret and using the ID of a corporation (also considered a "person" under US law) public.

2) Actively cultivate and broadcast a wealth of information about your own identity to create a public record in order to achieve a degree of incontestability about yourself in order to protect your private self as necessary. For example, run for office and regularly rail against those evil-doers who are nothing like you. Yes it's propaganda, but just think about the movie stars who hire publicists to cultivate a more successful image for them.

Both have trade-offs and there are surely many combinations of these as well as other approaches. Good luck.

Oh, and don't forget to demand checks and balances and the human right to privacy be respected by government. Write your Senator today...

In instances like this, where the security implications are outside one's immediate control, the answer is to be mindful and remain involved in politics, as well as to be a smart consumer.

That is, whether Mr. Bush is talking about a heretofore super-secret spy program, or mutli-billion dollar software to protect us against Tinky-Winky ... we all have a stake and a voice in that decision, expressed through writing one's senators and representative.

@ Hexil:

We acknowledge the NSA's technical capability, yet we trust them to follow the law. Mr. Bush's order would suggest that he/they are not, and thus the questions.

It's not about any one agency being inherently evil or anti-democratic.

]]>
2005-12-30T22:02:49Z2005-12-30T22:02:49Ztag:www.schneier.com,2005:/blog//2.632-comment:32558Comment from Don't Believe the Hype on 2005-12-30Don't Believe the Hype
Ok, so by what means do us non-security experts do to help protect ourselves?

Is it already hopeless and we laymen should quit using technology?

I've enjoyed reading this website for about a month now, but with each new entry, I become even more frustrated. The problems are pointed out, and many times the answers are assumed. I don't mean you should dumb things down all the way, but maybe *occasionally* someone could toss out a recommendation to those of us less in the know. Maybe you'll achieve better overall security by a more informed masses.

]]>
2005-12-30T20:29:47Z2005-12-30T20:29:47Ztag:www.schneier.com,2005:/blog//2.632-comment:32556Comment from Dennis on 2005-12-30Dennis
Credible source on Project Shamrock would be James Bamford's books, mentioned above. Given that he won a Pulitzer I'd say he's reasonably credible.]]>
2005-12-30T20:00:27Z2005-12-30T20:00:27Ztag:www.schneier.com,2005:/blog//2.632-comment:32537Comment from David Thomas on 2005-12-30David Thomashttp://www.therealitycheck.org/GuestColumnist/isterrett123005.htm

Um... It would appear that USSID are internal directives of the NSA[1]. They can hardly allow the NSA to do anything the NSA was not already allowed to do, if we have any illusion of checks and balances. Citing them here may be proof of earlier abuse, but does not lend any legal support. The president has an obligation to uphold the laws of the US. If an agency is acting illegally, he should prosecute, not say, "Excellent, do more of that."

Additionally, I would like to point out the following statement, http://www.nsa.gov/releases/relea00059.html, which contains:
"Under FISA, NSA may only target communications of a U.S. person in the United States if a federal judge finds probable cause to believe that the U.S. person is an agent of a foreign power."

It is further clearly stated in the statement that executive orders can impose additional constraints, but cannot loosen those applied by FISA.

[1] This is the best I can determine, I have been unable to find any primary source. If anyone knows of one, either direction, please point me to it.

Just wondering how "Chapter and verse" listed above holds up against the author's 'justification'.

Each 'side' seems to have justifiable grounds to deem these actions "legal" (or not). I suppose it would really take a Supreme Court determination of all the statutes involved to really know if these actions are/were "legal".

]]>
2005-12-30T15:58:48Z2005-12-30T15:58:48Ztag:www.schneier.com,2005:/blog//2.632-comment:32524Comment from Ryan on 2005-12-30Ryan
I don't suppose you have a credible source proving the existance of "Project shamrock".

Well, we have _some_ experience; the WTC bombing in 1993, the USS Cole, several embassies abroad, and the guy trying to sneak explosives across the Canadian border for New Year's 2000 come to mind.

The whole point is, I think, to *not have* too much experience with terrorism. That sort of failure would be intolerable to the American public.

]]>
2005-12-30T15:17:43Z2005-12-30T15:17:43Ztag:www.schneier.com,2005:/blog//2.632-comment:32513Comment from Hexil on 2005-12-30Hexil
Schneier you are the last person I would have expected to be parrotting the idea that the NSA spies on US citizens' communications because of a "Bush order".

Got any thoughts what they were doing with the exact same technology, capabilities, staff, budget and programs before 9/11 and this order came through?